403 when viewing other user's profile

This commit is contained in:
Fuzzwah 2024-07-27 15:41:31 +10:00 committed by GitHub
parent 207a9e576c
commit 1e3714390e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -5,6 +5,7 @@ from django.utils.translation import gettext_lazy as _
from django.views.generic import DetailView
from django.views.generic import RedirectView
from django.views.generic import UpdateView
from django.core.exceptions import PermissionDenied
from {{ cookiecutter.project_slug }}.users.models import User
@ -19,6 +20,11 @@ class UserDetailView(LoginRequiredMixin, DetailView):
slug_url_kwarg = "username"
{%- endif %}
def get_object(self, queryset=None):
obj = super().get_object(queryset)
if obj.id != self.request.user.id:
raise PermissionDenied
return obj
user_detail_view = UserDetailView.as_view()